What Kinds of PII Typically End Up in Customer Support Software?

Do you want to know what the most expensive commodity is nowadays? If so, take a look at the value of customer information, a.k.a. personally identifiable information (PII). It is important to both companies and customers. Customers want to receive excellent support and companies need it to guarantee top-notch practices.

However, customers want to keep their information private and secure while upgrading their experiences. If you target consumers under the age of 45, you simply can’t present your offer without letting them know your privacy policy as 61% of this age bracket is active about their privacy.

Third parties have a role here too! They ensure that companies build up quality customer profiles and histories while safeguarding all collected data. There are two basic PII data controllers: the customer and the authorized company. One of these can authorize the third party company based on the purpose of data disclosure. The third party can be a data vendor or data sharing center, or it can be another business your customer decided to cooperate with.

All parties included in the data processing cycle have certain rights and responsibilities created with a goal of ensuring maximum data protection and complete data compliance. Depending on where your business is located or which industry it belongs to, you may have to comply with relevant data laws and regulations. All these rules mandate unique compliance procedures and have specific definitions of what constitutes PII.

Data collecting, sharing, and protecting may sound like too much work. Luckily, a secure and fast-performing customer support software takes these troubles off your plate, leaving you with a lot more time and money to invest in further growing your business.

Let’s see what is considered PII so that you know what you should protect!

A. What is considered PII?

Personally identifiable information or PII refers to any kind of information that can be traced back to a specific individual or consumer. The hacker’s main motivation for breaking into your database is to profit from selling your customers’ and employees’ PII, and all your valuable company information related to payments and identification.

The responsibility for protecting such information has grown exponentially over the past two years with the introduction of privacy policies worldwide. When it comes to the healthcare, education, and financial industries in the US, privacy and protection policies have been in existence for quite a while. Each of these has a unique understanding of PII that they are expected to shield. There is no doubt that protecting PII and complying with these policies is an extremely challenging job, but it can be easily accomplished with the help of a secure customer support software focused on data privacy and the relevant legislation.

B. PII in privacy law

Privacy and protection laws have reshaped the global business scene. The strictest safeguards are spelled out in their specific regulations, mandating legal data obligations for companies. They all introduced a set of privacy rules that you need to incorporate into your company’s privacy policy. While they don’t mandate any specific practices and tools you need to utilize, it is advisable to follow the latest customer support technology trends.


1. GDPR

The EU’s General Data Privacy Regulation (GDPR) was enacted in 2018 with the goal of protecting the personal information of EU residents. The GDPR eliminates the need for industry-specific data legislation, putting companies that exchange goods and services within the European Union under the same legal umbrella.

Whether you are an EU-registered or non-registered business, if you collect personal data on EU residents, the same requirements apply to you. This privacy policy defines PII as any data that enables clear identification of an individual.

2. CCPA and CPRA

Another major privacy law, the California Consumer Privacy Act (CCPA) also aims to make sure that companies that operate with a large amount of PII do so in a safe and respectful way. The novel California Privacy Rights Act (CPRA) further improved this practice by adding explanations on both PII and sensitive data. To run a legitimate business in California, you need to define PII in your privacy policy as “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” For both CCPA and CPRA, individuals and households are both recognized as data subjects whose PII you need to protect. It’s important to be careful about this distinction!


3. HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) mandates specific practices regarding the use of Electronic Protected Health Information (e-PHI). In this case, PII is known as e-PHI, meaning that all information found in patients’ medical records and in communication channels between doctors, patients, and staff qualifies.


4. GLBA

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act of 1999, is a law imposed to control how financial institutions handle clients’ data within the US. Similar to HIPAA, the GLBA created its own term for PII which is non-identifiable information (NPI). PII in finance consists of any consumer information collected by a financial institution. It can be related to data that’s required to complete regular services as well as data collected for marketing purposes.


5. FERPA

The education industry in the US needs to take care of its PII too! The Family Educational Rights and Privacy Act (FERPA) defines educational PII as any student’s data that separates them as a person and a citizen.

C. Types of PII

1. Basic Identifying

It is impossible to create a customer profile without knowing their first and last name, right? These basic pieces of information allow you to initiate communication like in everyday life. A personalized customer experience has a high price these days. Moreover, 80% of consumers claim they would rather shop from a brand that offers a personalized experience. Thus, make sure that your agents know your customers' names at the very least!

2. ID data

For some services you need to provide your ID or passport numbers. Financial institutions include legal obligations for which they need your legal identification. An airline company will need your passport number to help you check in for a flight. Both of these industries will need to shield your legal data in the best way possible!

3. IP address and network details

With tech advancements came a new type of data that also needs to be protected. Besides recording your name, support software also saves your location, IP address, and network details, such as the name of your network provider. This feature is of great importance when detecting unauthorized access to your database.

4. Physical addresses

Whether you are subscribing to a service or purchasing an actual product, you are always asked to provide your home and billing addresses. This type of PII is essential for performing a basic service, and to provide you with a better customer experience based on your location. If you are a global business, knowing your customers’ locations can help you greatly in determining their needs, adapting language settings, and providing service in the right time zone.

5. Financial account data

Financial data includes the most sensitive data. With a data breach, your credit card number can be exposed and all your money could be stolen. Your bank account can suffer continuous interference from hackers and may even lead to identity theft. Financial organizations are obliged to protect this data as well as the data on your payment history, account number(s), loan or deposit balance(s), and credit or debit card purchase(s). In other words, you must protect any data you collect about an individual in connection with providing a financial product or service.

6. Medical data

The most valuable medical data is your Social Security number as it can be used for purchasing a medicine. Your biometric data may be less valuable; however, fingerprints are one of the most popular products on the illegal markets. Also, facial images are not that far behind in popularity.

Unfortunately, patients are usually not aware of the security risk associated with carelessly putting their medical PII or other HIPAA-protected identifiers into unsecured communication channels such as email or social media chatbots. That is precisely how highly valuable data ends up in unsecure databases, putting the whole business in big trouble because it can be easily hacked. On the other hand, if you have deployed a customer support software that takes care of all your communication while keeping it safe, you don’t need to worry about customer or employee mistakes!

7. The Keys

There are two relevant keys related to customer PII: SSH and Bitcoin. SSH keys are the keys used for gaining access to encrypted connections whereas Bitcoin keys are the secret tools that allow you to unlock your Bitcoin and send it over to an intended party. If your customers partake in either of these two connections, they will most likely leave key details in the support chats. Hackers already know this, which is why they largely target customer support departments. It is simple: the more info you gather, the bigger the cyberattack problem you may experience. However, again, if you keep your data under your own roof, then you’ll be free to chat with your customers as you wish.
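As an added example (not code from this article or from any support product), here is one way to redact several of the PII types listed above from a chat message before it is stored: card numbers, SSNs, IP addresses, and SSH and Bitcoin private keys. The names `redact` and `RULES` are hypothetical; card numbers are confirmed with the Luhn checksum, while the key rules match on format only, and all sample values are constructed.

```python
import re

BASE58 = "1-9A-HJ-NP-Za-km-z"  # Base58 alphabet used by Bitcoin WIF keys

def luhn_ok(candidate: str) -> bool:
    """Luhn checksum: filters out order numbers that merely look like cards."""
    total = 0
    digits = [int(c) for c in candidate if c.isdigit()]
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ipv4_ok(candidate: str) -> bool:
    return all(int(octet) <= 255 for octet in candidate.split("."))

# (label, pattern, optional validator). Key rules are format-only (assumption).
RULES = [
    ("PRIVATE_KEY_PEM", re.compile(
        r"-----BEGIN ((?:OPENSSH |RSA |EC |DSA )?PRIVATE KEY)-----.*?-----END \1-----",
        re.DOTALL), None),
    ("BITCOIN_WIF", re.compile(
        rf"\b(?:5[{BASE58}]{{50}}|[KL][{BASE58}]{{51}})\b"), None),
    ("US_SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), None),
    ("CARD_NUMBER", re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), luhn_ok),
    ("IPV4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), ipv4_ok),
]

def redact(message: str):
    """Return (redacted message, sorted list of PII labels that were found)."""
    found = set()
    for label, pattern, validator in RULES:
        def replace(match, label=label, validator=validator):
            if validator and not validator(match.group(0)):
                return match.group(0)  # similar shape but fails validation: keep
            found.add(label)
            return f"[REDACTED:{label}]"
        message = pattern.sub(replace, message)
    return message, sorted(found)

# Constructed sample chat message; every value is fake test data.
SAMPLE = ("Hi, my card 4111 1111 1111 1111 was declined, order 1234567890123. "
          "SSN 000-12-3456, I connect from 203.0.113.7.\n"
          "-----BEGIN OPENSSH PRIVATE KEY-----\nAAAAconstructed\n"
          "-----END OPENSSH PRIVATE KEY-----")

if __name__ == "__main__":
    print(*redact(SAMPLE), sep="\n")
```

The 13-digit order number in the sample is left in place because it fails the Luhn check, which keeps the filter from mangling ordinary ticket references.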

8. Login IDs

The protection of PII boils down to protecting the login IDs that limit access to all other sensitive customer information. Passwords and verification details should be kept as the greatest secret and never shared via unsecure tools such as email. Thus, it is important to make sure that this information is only stored within your customer support software.

Furthermore, having a password and multifactor verification are the first two security steps your support software should enable. The advanced software should also provide Captcha and Honeypot options, as well as Attachment Whitelisting.

If you want to bring your security to the maximum level then consider applying the most advanced security measures such as:

  • Agent UI IP Whitelisting
  • Adjustable inactivity time
  • Access permissions
  • Single Sign On (SSO) technology
